Ubuntu Security Notice USN-5896-1
Ubuntu Security Notice 5896-1 - It was discovered that Rack was not
properly parsing data when processing multipart POST requests. If a user
or automated system were tricked into sending a specially crafted
multipart POST request to an application using Rack, a remote attacker
could possibly use this issue to cause a denial of service. It was
discovered that Rack was not properly escaping untrusted data when
performing logging operations, which could cause shell escaped sequences
to be written to a terminal. If a user or automated system were tricked
into sending a specially crafted request to an application using Rack, a
remote attacker could possibly use this issue to execute arbitrary code in
the machine running the application.
https://packetstormsecurity.com/files/171171/USN-5896-1.txt
Tue, 28 Feb 2023 17:09:05 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com (2:467/4.444)